EAP-TLS and Active Directory

Scott Armitage S.P.Armitage at lboro.ac.uk
Wed Nov 25 12:14:20 CET 2015


> On 25 Nov 2015, at 11:07, Matthew Newton <mcn4 at LEICESTER.AC.UK> wrote:
> 
> On Wed, Nov 25, 2015 at 10:22:52AM +0100, Simon Larsson wrote:
>> My goal here is to have it so that when a user connects to the
>> network, the user should automatically get access to that user's
>> network resources.
> 
> As has been said there are many ways to do this.
> 
> We check the certificate subject against the AD LDAP to ensure
> that the machine is permitted to connect.

Not telling you how to suck eggs, Matthew, but couldn’t you improve efficiency by using an OCSP check instead?



Scott